SecurityFocus Microsoft Newsletter #278
----------------------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" -
White Paper. Blind SQL Injection can deliver total control of your server to a
hacker, giving them the ability to read, write and manipulate all data stored
in your backend systems! Download this *FREE* white paper from SPI Dynamics for
a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000C3f7
------------------------------------------------------------------
I. FRONT AND CENTER
1. Coffee shop WiFi for dummies
2. Sebek 3: tracking the attackers, part two
3. Privacy and anonymity
II. MICROSOFT VULNERABILITY SUMMARY
1. PostgreSQL Set Session Authorization Denial of Service Vulnerability
2. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
3. Microsoft Windows IGMPv3 Denial of Service Vulnerability
4. Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
5. Microsoft Windows Korean Input Method Editor Privilege Escalation
Vulnerability
6. SSH Tectia Server Remote Format String Vulnerability
7. Microsoft Windows Web Client Buffer Overflow Vulnerability
8. Isode M-Vault Server LDAP Memory Corruption Vulnerability
9. Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
10. Microsoft Windows Media Player Bitmap Handling Buffer Overflow
Vulnerability
11. eStara Softphone Multiple Denial of Service Vulnerabilities
12. AttachmateWRQ Reflection for Secure IT Remote Format String
Vulnerability
13. Nullsoft Winamp M3U File Denial of Service Vulnerability
14. Microsoft February Advance Notification Multiple Vulnerabilities
15. HP Systems Insight Manager Unspecified Directory Traversal
Vulnerability
16. Sun ONE Directory Server Remote Denial Of Service Vulnerability
17. Lotus Domino LDAP Denial of Service Vulnerability
18. Ritlabs The Bat! Message Header Spoofing Weakness
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #277
2. SNMP service
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Coffee shop WiFi for dummies
By Scott Granneman
The average user has no idea of the risks associated with public WiFi hotspots.
Here are some very simple tips for them to keep their network access secure.
http://www.securityfocus.com/columnists/385
2. Sebek 3: tracking the attackers, part two
By Raul Siles, GSE
The second article in this honeypot series discusses best practices for
deploying Sebek 3 inside a GenIII honeypot, and shows how to patch Sebek to
watch all the attacker's activities in real-time.
http://www.securityfocus.com/infocus/1858
3. Privacy and anonymity
By Kelly Martin
Privacy and anonymity on the Internet are as important as they are difficult to
achieve. Here are some of the current issues we face, along with a few
suggestions on how we can become a little more anonymous on the Web.
http://www.securityfocus.com/columnists/386
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. PostgreSQL Set Session Authorization Denial of Service Vulnerability
BugTraq ID: 16650
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application, effectively
denying service to legitimate users.
Successful exploitation of this issue requires that the application is compiled
with 'Asserts' enabled; this is not the default setting.
2. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
BugTraq ID: 16649
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16649
Summary:
PostgreSQL is susceptible to a remote privilege escalation vulnerability. This
issue is due to a flaw in the error path of the 'SET ROLE' function.
This issue allows remote attackers with database access to gain administrative
access to affected database servers. As administrative access to the database
allows filesystem access, other attacks against the underlying operating system
may also be possible.
3. Microsoft Windows IGMPv3 Denial of Service Vulnerability
BugTraq ID: 16645
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16645
Summary:
A vulnerability in the handling of IGMPv3 (Internet Group Management Protocol)
packets could result in a denial of service.
An attacker can exploit this issue through a broadcast attack to cause
vulnerable computers on the subnet to become unresponsive, effectively denying
service to legitimate users.
4. Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
BugTraq ID: 16644
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16644
Summary:
The Microsoft Windows Media Player plugin for non-Microsoft browsers is prone
to a buffer overflow vulnerability. This issue is due to a failure in the
application to do proper bounds checking on user-supplied data before using it
in a finite sized buffer.
An attacker can exploit this issue to execute arbitrary code on the victim
user's computer in the context of the victim user. This may facilitate a
compromise of the affected computer.
This issue is only exploitable through non-Microsoft browsers that have the
Media Player plugin installed. Possible browsers include Firefox versions .9
and later and Netscape version 8; other browsers with the plugin installed may
also be affected.
5. Microsoft Windows Korean Input Method Editor Privilege Escalation
Vulnerability
BugTraq ID: 16643
Remote: No
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16643
Summary:
Microsoft Windows Korean Input Method Editor is prone to a local privilege
escalation vulnerability.
Successful exploitation can allow local attackers to completely compromise a
vulnerable computer.
6. SSH Tectia Server Remote Format String Vulnerability
BugTraq ID: 16640
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16640
Summary:
A remote format-string vulnerability affects SSH Tectia Server. The application
fails to properly sanitize user-supplied input data before using it in a
formatted-printing function.
A remote attacker may leverage this issue to execute arbitrary machine code,
possibly allowing for privilege escalation and for the bypassing of SFTP-only
access controls on affected SSH servers.
7. Microsoft Windows Web Client Buffer Overflow Vulnerability
BugTraq ID: 16636
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16636
Summary:
The Microsoft Windows Web Client is prone to a buffer overflow. Successful
exploitation could allow arbitrary code execution with System privileges.
8. Isode M-Vault Server LDAP Memory Corruption Vulnerability
BugTraq ID: 16635
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16635
Summary:
Isode M-Vault Server is prone to a memory-corruption vulnerability. This issue
may be triggered by malformed LDAP data.
The exact impact of this vulnerability is not known at this time. Although the
issue is known to crash the server, the possibility of remote code execution is
unconfirmed.
The vulnerability was reported for version 11.3 on the Linux platform; other
versions and platforms may also be affected.
This vulnerability will be updated as further information is made available.
9. Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
BugTraq ID: 16634
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16634
Summary:
Microsoft PowerPoint 2000 is prone to a remote information disclosure
vulnerability. Information gathered may be used to launch further attacks
against a vulnerable computer.
10. Microsoft Windows Media Player Bitmap Handling Buffer Overflow
Vulnerability
BugTraq ID: 16633
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16633
Summary:
Microsoft Windows Media Player is prone to a remote buffer overflow
vulnerability.
The vulnerability arises when the application handles a skin file containing a
specially crafted Bitmap image. This issue can also be triggered by just
supplying a malicious Bitmap to the application; however, it should be noted
that Windows Media Player is not the default handler for bitmap files.
A successful attack can corrupt process memory and result in arbitrary code
execution. This may facilitate a remote compromise in the context of the
vulnerable user.
11. eStara Softphone Multiple Denial of Service Vulnerabilities
BugTraq ID: 16629
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16629
Summary:
eStara Softphone is prone to multiple denial-of-service vulnerabilities when
processing malformed VOIP headers. Successful exploitation will cause the
device to crash.
12. AttachmateWRQ Reflection for Secure IT Remote Format String Vulnerability
BugTraq ID: 16625
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16625
Summary:
A remote format-string vulnerability affects AttachmateWRQ Reflection for
Secure IT. The application fails to properly sanitize user-supplied input data
before using it in a formatted-printing function.
A remote attacker may leverage this issue to execute arbitrary machine code,
possibly allowing for privilege escalation and for the bypassing of SFTP-only
access controls on affected SSH servers. Attackers may also cause a
denial-of-service condition against the affected SSH server.
13. Nullsoft Winamp M3U File Denial of Service Vulnerability
BugTraq ID: 16623
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16623
Summary:
Winamp is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application, effectively
denying service to legitimate users. An attacker may be able to exploit this
issue to execute arbitrary code on the victim user's computer; this has not
been confirmed.
This issue is reported to affect version 5.13; other versions may also be
vulnerable.
This issue may be related to BID 9923 (NullSoft Winamp Malformed File Name
Denial of Service Vulnerability).
14. Microsoft February Advance Notification Multiple Vulnerabilities
BugTraq ID: 16575
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16575
Summary:
Microsoft has released advance notification that they will be releasing seven
security bulletins for Windows on February 14, 2006. The highest severity
rating for these issues is Critical.
Further details about these issues are not currently available. Individual BIDs
will be created and this record will be removed when the security bulletins are
released.
15. HP Systems Insight Manager Unspecified Directory Traversal Vulnerability
BugTraq ID: 16571
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16571
Summary:
HP Systems Insight Manager (SIM) is prone to an unspecified directory-traversal
vulnerability. This issue is most likely due to a failure in the application to
properly sanitize user-supplied input.
Presumably, an attacker can exploit this issue to retrieve arbitrary files in
the context of the affected application. This issue may also permit the
overwriting of arbitrary files.
The exact nature of this vulnerability is not currently known; this BID will be
updated as further information becomes available.
This issue affects only HP SIM on Microsoft Windows 2000, 2003, and XP.
16. Sun ONE Directory Server Remote Denial Of Service Vulnerability
BugTraq ID: 16550
Remote: Yes
Date Published: 2006-02-08
Relevant URL: http://www.securityfocus.com/bid/16550
Summary:
Sun ONE Directory Server is prone to a remote denial-of-service vulnerability.
This issue is due to the application's failure to handle malformed network
traffic.
This issue allows remote attackers to crash the application, denying service to
legitimate users.
17. Lotus Domino LDAP Denial of Service Vulnerability
BugTraq ID: 16523
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16523
Summary:
Lotus Domino LDAP server is prone to a denial-of-service vulnerability when
handling malformed requests.
Lotus Domino version 7.0 is vulnerable; earlier versions may also be affected.
18. Ritlabs The Bat! Message Header Spoofing Weakness
BugTraq ID: 16515
Remote: Yes
Date Published: 2006-02-06
Relevant URL: http://www.securityfocus.com/bid/16515
Summary:
The Bat! is prone to a message-header-spoofing weakness.
Potentially malicious or unwanted email may be untraceable and difficult to
block.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #277
http://www.securityfocus.com/archive/88/424635
2. SNMP service
http://www.securityfocus.com/archive/88/424634
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics